Under what circumstances is a doctor permitted to disclose confidential personal information about a patient without consent?

by Dunzelle Scholtz & Paulina Moncrieff | Norton Rose Fulbright Australia

While likely to be a rare occurrence for most medical practitioners, a question arises around your obligation to disclose information provided to you by a patient. When a patient discloses to you, or you suspect, that they have engaged in illegal activity, what can you do?

Under what circumstances is a doctor permitted to disclose confidential personal information about a patient without consent?

Your general duty

The law imposes on a medical practitioner a duty to exercise reasonable care and skill in the provision of professional advice and treatment. That duty is a “single comprehensive duty covering all the ways in which a doctor is called upon to exercise his skill and judgment” and extends to the examination, diagnosis and treatment of the patient and the provision of information. Broadly speaking, your obligations in respect of doctor-patient confidentiality are determined by professional ethics, common law and legislation.

Doctor-patient confidentiality - An overview

Professional ethics - Your ‘go to’ is the Australian Medical Association (AMA) – Code of Ethics. If you work for the government, for example NSW Health, the NSW Health Code of Conduct (a comprehensive document) is your starting point. The AMA Code of Conduct requires medical practitioners to maintain a patient’s confidentiality, noting some exceptions such as:

  • If there is a serious risk to the patient or another person
  • Where required by law
  • Where part of approved research
  • Where there are overwhelming societal interests

Common law - A medical practitioner owes a patient a common law duty of confidentiality in relation to information obtained as part of the therapeutic relationship. This is not an absolute duty and there are some exceptions: if the patient waives their right to confidentiality, if there is a statutory or lawful excuse, or when it is in the public interest to disclose the information. The common law duty of confidentiality includes but is not limited to:

  • Scans
  • X-rays
  • Reports
  • Test results

Legislation - There are also legislative requirements which impose obligations in relation to the disclosure, or not, of patient information. There is a consensus in the legislation that information can only be disclosed if the following conditions are met:

  • The patient consents to the release of information
  • Release occurs in connection with the administration of health legislation
  • Release under subpoena in legal proceedings
  • Another lawful excuse, such as public policy/interest

Can you keep a secret

Whilst medical practitioners are legally and ethically bound to ‘keep a secret’, to what extent can medical practitioners disclose information to third parties (eg Police) if there has been an admission of a crime in the course of a medical consultation? Generally speaking, it is illegal to withhold information from Police concerning the commission of a crime. In NSW, it is an offence to conceal a serious indictable offence (examples include murder, sexual assault, dangerous driving occasioning death or grievous bodily harm). This applies if:

  • A serious indictable offence has been committed; and
  • A person knows or believes that it has been committed; and
  • A person has information that might assist in the apprehension, prosecution or conviction of the offender; and
  • The person fails, without reasonable excuse, to bring the information to the attention of the police or other appropriate authority.

However, to prosecute a medical practitioner, psychologist or nurse thought to be withholding such information, which has been formed or obtained from information in the course of practising in that professional context, consent is first required from the Attorney General. The Attorney General will decide whether it is in the public interest to prosecute the individual under the relevant section of the Crimes Act (NSW). Commentary in relation to this provision, particularly from the Law Reform Commission, indicates that it is likely to be determined that it would not be in the best interests of the public to prosecute a doctor, nurse or psychologist for not breaching their duty of confidentiality.

It is recognised that the therapeutic relationship is best served by patients being forthcoming with information about their personal circumstances, and this is likely to be seriously compromised if patients know their clinician may be charged with an offence for withholding information obtained from them. Whilst this addresses, at least generally, the position for clinicians in the criminal jurisdiction, what is the position in the civil jurisdiction: can clinicians be sued for damages for failing to disclose confidential information? Whilst there is no simple answer to this question, there is a case which provides some insight into the steps that should be taken when a medical practitioner is faced with a doctor-patient confidentiality conundrum.

Case study

PD v Harvey [2003] NSWSC 487
In 2003, a GP was sued for failing to disclose to a patient that her future husband was HIV positive. Prior to the upcoming wedding, the future wife (PD) and the future husband (FH) attended their GP together to obtain health checks, including STI checks. PD was a virgin and FH was not. Following the checks and in separate consultations with PD and FH, the GP advised PD that she did not have any STIs and advised FH he was HIV positive. FH subsequently provided PD with fraudulent test results. PD and FH were married. PD contracted HIV. PD then sued the GP and the practice for, among other things, failing to disclose FH’s negative test results to her. The Court found that it is appropriate for a GP to counsel a patient with HIV and attempt to persuade that patient to inform other persons who may be at risk of infection. The GP was not obliged to inform persons at risk of infection (eg PD), as this would be contrary to doctor-patient confidentiality obligations. If the GP had jointly discussed with PD and FH who would be given the test results, and if their joint consent to disclosure had been obtained during that discussion, the GP and medical practice would have been authorised to provide PD with FH's test results.

Take home messages

The principal exception to a clinician’s duty of confidentiality is when there is a serious risk of immediate harm to the patient or a third party. When considering whether a clinician should disclose information which is confidential, serious thought needs to be given to the following:

  • The seriousness of the offence involved;
  • Level of public risk – is there a risk of harm; and
  • The impact the disclosure will have on the patient

If you find yourself in circumstances similar to those outlined above and you are unsure as to your obligations, call your adviser at MIPS to seek guidance and direction.

Resources:

  • Rogers v Whitaker (1992) 175 CLR 479 at 483
  • Health Records and Information Privacy (HRIP) Act 2002 (NSW)
  • Mental Health Act 2007 (NSW)
  • Public Health Act 2010 (NSW)
  • Privacy Act 1988 (CTH)
  • Children and Young Persons (Care and Protection) Act 1998 (NSW)
  • Section 316 of the Crimes Act 1900 (NSW)
  • A serious indictable offence means an indictable offence that is punishable by imprisonment for life or for a term of 5 years or more
  • See Section 316(4) and the Crimes Act (NSW) regulations for full list

  • By law, your medical records and health information must be kept safe and private by all medical and healthcare professionals, and all healthcare facilities, such as hospitals and clinics.
  • You are allowed to access your child's health information. 
  • If you care for an adult, you can be authorised to have access to their information.
  • You always have the right to access your own health information.
  • If you think your doctor or other provider is mishandling your information, your first step is to ask them about it. If you think your health records have been shared without you agreeing to this or if you have any other worries about your records, speak to your doctor first.

Privacy in healthcare

Privacy in a healthcare situation means that what you tell your healthcare provider, what they write down about you, any medication you take and all other personal information is kept private. You have a legal right to this privacy, and there are laws that guide health service providers in how they collect and record information about your health, how they must store it, and when and how they use and share it.  You can give any of your health professionals your consent to share your health information, for example, when you change doctors and you want your new doctor to have access to your medical history. You also have a legal right to access your health information. 

The Victoria Health brochure ‘Your Information, It’s Private’ should be available from your healthcare professional. It is also available in languages other than English.  

Health information is any information about a person’s health or disability, and any information that relates to a health service they have received or will receive. Health information is sensitive and personal, which is why there are laws to protect your rights to keep your health information private.

In Victoria, a health service is any organisation that collects information about people’s health, such as:

  • doctors’ surgeries or clinics
  • specialist clinics
  • dental surgeries
  • pharmacies
  • public and private hospitals
  • sexual health clinics
  • disability services
  • nutrition services, such as dietitians and nutritionists
  • maternal and child health clinics
  • allied health services, such as optometrists and physiotherapists
  • naturopaths, chiropractors, massage therapists and other complementary medicine providers
  • fitness providers, such as gyms, fitness trainers and weight loss services
  • healthcare workers in childcare centres, schools, colleges and universities.

Exemptions to privacy laws

There are two types of situations where a health service may use or share your health information without your consent. These are:

  • when your or someone else’s health or safety is seriously threatened and the information will help, such as if you are unconscious and paramedics, doctors and nurses need to know if you are allergic to any drugs
  • when the information will reduce or prevent a serious threat to public health or safety, for example, if you have a serious contagious illness and the public needs to be warned.

There are certain exemptions that may apply in law enforcement situations and in a court of law. 

Health information privacy laws only apply rights to living people. They do not apply once the person is deceased.

You own your health information and decide who can access it. You always have the right to access it yourself by asking for a copy. You can keep a personal health record at home or via the free eHealth system, which is a secure online summary of your health information, run by the Commonwealth Government.

You control what goes into your eHealth record, and who is allowed to access it. You can add or delete information or change who has the right to access your record by changing the information online or by writing a letter stating the changes to eHealth. It allows you to choose which of your doctors, hospitals and other healthcare providers can view and share your health information to provide you with the best possible care. 

If you are a parent or guardian, you can access the health information of the children in your care. For someone who is over 18 years old, you can become their authorised representative if you have been given medical power of attorney, or if they have nominated you in an advance care plan.

When you go to hospital, you can choose to give the staff access to your health records. You do not have to, but giving them your consent to access your information will help them provide the best care possible for you. Hospital staff are required to protect patients’ privacy and confidentiality. While you are in hospital, staff will create a file that includes information about any tests, treatment and medication they give you. You can access this information by asking for a copy and adding it to your personal health or eHealth record.

There are situations when a person can be admitted to hospital and treated without their consent. An example of this is an emergency situation where a person requires urgent treatment and is unable to communicate, for example, is unconscious. 

Your responsibilities about confidentiality and privacy

You can discuss your health and healthcare with anyone you choose, but you need to keep in mind that people who are not your healthcare providers are not bound by confidentiality rules. 

If you keep a personal health record, you are responsible for keeping it safe and private. However, an eHealth record is kept safe and private by the Department of Human Services.

Breaches to your privacy or confidentiality

If you think a healthcare provider is breaking or abusing your privacy or confidentiality, your first step is to ask them about it directly. Start by talking to the person involved, and then talk to the organisation they work for. It can help to write down your complaint, date and details to discuss as this can make it formal and you can keep a record of any conversations and correspondence.

If the issue is not resolved to your satisfaction, you can contact the Health Complaints Commissioner by calling 1300 582 113.

You can also use these channels to make an official complaint. You can do this online or by filling in a complaint form and emailing it to the commissioner.

Where to get help 

This page has been produced in consultation with and approved by:


Content on this website is provided for information purposes only. Information about a therapy, service, product or treatment does not in any way endorse or support such therapy, service, product or treatment and is not intended to replace advice from your doctor or other registered health professional. The information and materials contained on this website are not intended to constitute a comprehensive guide concerning all aspects of the therapy, product or treatment described on the website. All users are urged to always seek advice from a registered health care professional for diagnosis and answers to their medical questions and to ascertain whether the particular therapy, service, product or treatment described on the website is suitable in their circumstances. The State of Victoria and the Department of Health shall not bear any liability for reliance by any user on the materials contained on this website.